@meshconnect/web-link-sdk 3.1.8 → 3.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/Link.js +22 -21
  2. package/package.json +1 -1
  3. package/utils/version.d.ts +1 -1
  4. package/utils/version.js +1 -1
package/Link.js CHANGED
@@ -51,29 +51,29 @@ import { isWalletBrowserEventTypeKey } from './utils/wallet-browser-event-types'
51
51
  import { sdkSpecs } from './utils/sdk-specs';
52
52
  import { WalletStrategyFactory } from './utils/wallet';
53
53
  var currentOptions;
54
- var possibleOrigins = new Set([
55
- 'https://web.meshconnect.com',
56
- 'https://dev-web.meshconnect.com'
57
- ]);
54
+ var targetOrigin;
55
+ var linkTokenOrigin;
58
56
  var iframeElement = function () {
59
57
  return document.getElementById(iframeId);
60
58
  };
61
59
  function sendMessageToIframe(message) {
62
- possibleOrigins.forEach(function (origin) {
63
- var _a;
64
- var iframe = iframeElement();
65
- if (!iframe) {
66
- console.warn("Mesh SDK: Failed to deliver ".concat(message.type, " message to the iframe - no iframe element found"));
67
- return;
68
- }
69
- try {
70
- (_a = iframe.contentWindow) === null || _a === void 0 ? void 0 : _a.postMessage(message, origin);
71
- }
72
- catch (e) {
73
- console.error("Mesh SDK: Failed to deliver ".concat(message.type, " message to the iframe"));
74
- console.error(e);
75
- }
76
- });
60
+ var _a;
61
+ var iframe = iframeElement();
62
+ if (!iframe) {
63
+ console.warn("Mesh SDK: Failed to deliver ".concat(message.type, " message to the iframe - no iframe element found"));
64
+ return;
65
+ }
66
+ if (!targetOrigin) {
67
+ console.warn("Mesh SDK: Failed to deliver ".concat(message.type, " message to the iframe - no target origin found"));
68
+ return;
69
+ }
70
+ try {
71
+ (_a = iframe.contentWindow) === null || _a === void 0 ? void 0 : _a.postMessage(message, targetOrigin);
72
+ }
73
+ catch (e) {
74
+ console.error("Mesh SDK: Failed to deliver ".concat(message.type, " message to the iframe"));
75
+ console.error(e);
76
+ }
77
77
  }
78
78
  function handleLinkEvent(event) {
79
79
  return __awaiter(this, void 0, void 0, function () {
@@ -345,7 +345,7 @@ function eventsListener(event) {
345
345
  return __generator(this, function (_a) {
346
346
  switch (_a.label) {
347
347
  case 0:
348
- if (!!possibleOrigins.has(event.origin)) return [3 /*break*/, 1];
348
+ if (!(event.origin !== targetOrigin && event.origin !== linkTokenOrigin)) return [3 /*break*/, 1];
349
349
  console.warn('Received message from untrusted origin:', event.origin);
350
350
  return [3 /*break*/, 5];
351
351
  case 1:
@@ -382,10 +382,11 @@ export var createLink = function (options) {
382
382
  }
383
383
  currentOptions = options;
384
384
  linkUrl = window.atob(linkToken);
385
+ linkTokenOrigin = new URL(linkUrl).origin;
385
386
  window.removeEventListener('message', eventsListener);
386
387
  addPopup(linkUrl, currentOptions === null || currentOptions === void 0 ? void 0 : currentOptions.language);
387
388
  window.addEventListener('message', eventsListener);
388
- possibleOrigins.add(window.location.origin);
389
+ targetOrigin = window.location.origin;
389
390
  return [2 /*return*/];
390
391
  });
391
392
  }); };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@meshconnect/web-link-sdk",
3
- "version": "3.1.8",
3
+ "version": "3.1.9",
4
4
  "description": "A client-side JS library for integrating with Mesh Connect",
5
5
  "exports": "./index.js",
6
6
  "license": "MIT",
package/utils/version.d.ts CHANGED
@@ -1 +1 @@
1
- export declare const sdkVersion = "3.1.8";
1
+ export declare const sdkVersion = "3.1.9";
package/utils/version.js CHANGED
@@ -1 +1 @@
1
- export var sdkVersion = '3.1.8';
1
+ export var sdkVersion = '3.1.9';